1、docker+k8s+kubesphere:准备(20200802更新免密)

1、准备-docker+k8s+kubesphere准

环境准备

角色 IP地址 主机名 docker版本 硬件 操作系统
192.168.5.151 node151 docker18.09.9 6核10G CentOS7.8
节点 192.168.5.152 node152 docker18.09.9 6核10G CentOS7.8
节点 192.168.5.153 node153 docker18.09.9 6核10G CentOS7.8

服务器绑定

cat >> /etc/hosts <<EOF
192.168.5.151 node151
192.168.5.152 node152
192.168.5.153 node153
EOF

设置CentOS-Base

curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo   

更新系统

yum  -y  update

相应工具及docker-ce

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

关闭防火墙

关闭防火墙
systemctl stop firewalld.service && systemctl disable firewalld.service


systemctl stop firewalld && systemctl disable firewalld

关闭 SeLinux

#临时修改
setenforce 0
#永久修改,重启服务器后生效
sed -i '7s/enforcing/disabled/' /etc/selinux/config

关闭swap分区

修改/etc/fstab文件,注释掉 SWAP 的自动挂载,使用free -m确认 swap 已经关闭

//手动关闭swap
swapoff -a
-----------------------------------------------------
#手动修改
vim /etc/fstab
-----------------------------------------------------
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=8bb18265-c2f5-46da-875e-0410ac4d3aeb /boot                   xfs     defaults        0 0
#/dev/mapper/centos-swap swap  把这一行注释掉

#查看swap是否关闭
free -m
-----------------------------------------------------
total        used        free      shared  buff/cache   available
Mem:           1994         682         612           9         699        1086
Swap:             0           0           0

同步时间

#安装chrony
yum -y install chrony
-----------------------------------------------------
#修改同步服务器地址为阿里云
sed -i.bak '3,6d' /etc/chrony.conf && sed -i '3cserver ntp1.aliyun.com iburst' /etc/chrony.conf
-----------------------------------------------------
#启动chronyd及加入开机自启
systemctl start chronyd && systemctl enable chronyd
-----------------------------------------------------
#查看同步结果
chronyc sources
-----------------------------------------------------
[root@node151 ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^~ 139.199.214.202               2   6    77    34    -13ms[  -73ms] +/-   68ms
^* tick.ntp.infomaniak.ch        1   6    35    26    -24ms[  -84ms] +/-  126ms
^? electrode.felixc.at           0   8     0     -     +0ns[   +0ns] +/-    0ns
^? a.chl.la                      2   6    37    94   +153ms[ -19.6s] +/-  134ms

创建k8s.conf文件

#向文件中写入以下内容
cat >/etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
#检查
cat /etc/sysctl.d/k8s.conf
#执行以下命令生效
modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf

安装ipvs

脚本创建了的/etc/sysconfig/modules/ipvs.modules文件,保证在节点重启后能自动加载所需模块。使用lsmod | grep -e ip_vs -e nf_conntrack_ipv4命令查看是否已经正确加载所需的内核模块

//向文件中写入以下内容
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

//修改权限以及查看是否已经正确加载所需的内核模块
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4


结果如下:
[root@node151 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh               12688  0 
ip_vs_wrr              12697  0 
ip_vs_rr               12600  0 
ip_vs                 145497  6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack_ipv4      15053  2 
nf_defrag_ipv4         12729  1 nf_conntrack_ipv4
nf_conntrack          139264  7 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
libcrc32c              12644  4 xfs,ip_vs,nf_nat,nf_conntrack

安装ipset和ipvsadm(便于查看 ipvs 的代理规则)

yum -y install ipset ipvsadm

免密操作

node151、node152、node153
1、执行
ssh-keygen -t rsa  一路回车
2、在node151上执行
cd /root/.ssh
cp id_rsa.pub authorized_keys
vim authorized_keys
4、将node152、node153下/root/.ssh/id_rsa.pub的公钥内容复制在node151的authorized_keys里,保存退出
5、复制
scp authorized_keys node152:$PWD
scp authorized_keys node153:$PWD

免密测试
ssh node152
退出
exit

你可能感兴趣的:(k8s,kubesphere,docker,linux,centos)